Re: Changing Passwords as Encrypted not Clear-Text

On Monday, December 19, 2011 7:26:33 am MURAT KOÇ wrote:
> Hi Adrian,
>
> I wrote a desktop application on Windows by using "Npgsql.dll". So, I send
> SQL statement to database from this application code. I can't use psql
> command line (I know "\password" command changes password encrypted text).
>
> Because of this, I have to use "ALTER USER" statement from application
> code. Or what could you give another advice?

Well you could do what psql does which is generate the password and send it
encrypted.

http://www.postgresql.org/docs/9.0/static/catalog-pg-authid.html
"
Password (possibly encrypted); null if none. If the password is encrypted, this
column will contain the string md5 followed by a 32-character hexadecimal MD5
hash. The MD5 hash will be of the user's password concatenated to their username
(for example, if user joe has password xyzzy, PostgreSQL will store the md5 hash
of xyzzyjoe)."

What psql does:
\password test_user
Where password is 'test_pass'

Log entry:
ALTER USER test_user PASSWORD 'md5c326ab35c9353dd34801ecd7ab7b1d76'

What you can do:

Use md5 function:
SELECT md5('test_passtest_user');
md5
----------------------------------
c326ab35c9353dd34801ecd7ab7b1d76

Take 'md5'||'c326ab35c9353dd34801ecd7ab7b1d76'

ALTER USER test_user PASSWORD 'md5c326ab35c9353dd34801ecd7ab7b1d76'

>
> Best Regards
> Murat KOC
>

--
Adrian Klaver
adrian(dot)klaver(at)gmail(dot)com